1 00:00:00,090 --> 00:00:05,610 Welcome back, folks, this is Rauschenbusch, and this session is about understanding the authentication,
2 00:00:05,880 --> 00:00:09,530 to be very precise, understanding the form based authentication.
3 00:00:10,230 --> 00:00:18,990 So it would be pretty obvious that whenever you want to get access to any of your
4 00:00:18,990 --> 00:00:25,860 accounts, your e-mails, any of your personal information, you have to log into some sort of application.
5 00:00:25,860 --> 00:00:26,130 Right.
6 00:00:26,130 --> 00:00:32,910 And that's where you have to put your email and submit your email, password, login and all those
7 00:00:32,910 --> 00:00:33,230 stuff.
8 00:00:33,510 --> 00:00:39,960 So it is a very regular task for you to make use of those credentials.
9 00:00:40,350 --> 00:00:47,040 But in this session we will understand how exactly that works, how exactly the form based authentication
10 00:00:47,040 --> 00:00:47,550 works.
11 00:00:47,880 --> 00:00:52,160 So understand this: this is not the only way of authentication. Before this,
12 00:00:52,170 --> 00:00:56,010 there have been many, but this is something which is pretty successful.
13 00:00:56,340 --> 00:01:02,250 And that's why we still see it everywhere, in fact, everywhere on the Internet.
14 00:01:02,280 --> 00:01:02,610 All right.
15 00:01:02,670 --> 00:01:04,980 So let's get started.
16 00:01:05,910 --> 00:01:14,220 So what happens is, as an example, you have your user, you have your Web server and the database.
17 00:01:14,640 --> 00:01:21,900 As of now, it's pretty clear that the purpose of the database is to store the user information.
18 00:01:22,530 --> 00:01:31,220 But in case of the authentication, the database would be having a separate table for storing the credentials.
19 00:01:31,590 --> 00:01:31,990 Right.
20 00:01:32,010 --> 00:01:37,230 And this would carry the information about individual users, that is user name, their first name and
21 00:01:37,240 --> 00:01:38,520 last name, the location.
22 00:01:39,030 --> 00:01:46,590 What was the last time they logged in and what is the current IP, what was their last IP address
23 00:01:46,590 --> 00:01:47,220 and all those stuff.
24 00:01:47,220 --> 00:01:47,430 Right.
25 00:01:47,910 --> 00:01:48,900 These are dynamic.
26 00:01:48,900 --> 00:01:52,950 What is static goes there: password, their name and location and all of this stuff.
27 00:01:52,950 --> 00:01:53,170 Right.
28 00:01:53,670 --> 00:01:59,630 So that's where you would see a database present which will carry the user information.
29 00:01:59,640 --> 00:02:05,470 You could see the details about John, Alice, Bob, Charlie as well.
30 00:02:05,850 --> 00:02:08,910 So this is something which is already present in the database.
31 00:02:09,690 --> 00:02:15,580 As of now, we only understand the purpose of the Web server is to take care of handling the request and
32 00:02:15,580 --> 00:02:22,200 the response, taking the request and giving it to the database, taking the request back from the database
33 00:02:22,530 --> 00:02:28,260 and then delivering it to the user as a part of the response.
34 00:02:28,270 --> 00:02:28,520 Right.
35 00:02:29,070 --> 00:02:31,200 So that's the purpose of the Web server.
36 00:02:32,760 --> 00:02:37,330 Now, for the user, there's always the Web server.
37 00:02:37,770 --> 00:02:43,140 Now, understand, what exactly happens is a user first sends the request.
38 00:02:43,530 --> 00:02:48,660 Remember, this is nothing but a kind of a simple request.
39 00:02:48,660 --> 00:02:57,720 But in case of, especially in case of login authentication, when the user clicks on the login prompt, he
40 00:02:57,720 --> 00:03:00,950 has to submit the credentials.
41 00:03:00,960 --> 00:03:01,190 Right.
42 00:03:01,320 --> 00:03:07,920 You see the login form, it will ask the user to submit the username and password and this will
43 00:03:07,920 --> 00:03:09,780 become the HTTP POST.
44 00:03:10,020 --> 00:03:15,870 If you are following me through the course, you will understand this has to be a POST because
45 00:03:15,900 --> 00:03:21,960 that's where you upload, you submit some information, and that's why it's supposed to be the POST request.
46 00:03:22,350 --> 00:03:32,160 Now, this information goes to the database, and this has to go in a certain form, because when the request
47 00:03:32,160 --> 00:03:39,990 comes to the Web server, now the Web server has to decide whether to let the user get into our
48 00:03:39,990 --> 00:03:48,510 network or, you know, into the server or not. For this the Web server queries the database to know whether
49 00:03:48,540 --> 00:03:50,310 this is a valid user or not.
50 00:03:50,580 --> 00:03:53,300 So this query is nothing but the SQL query.
51 00:03:53,430 --> 00:03:53,800 All right.
52 00:03:54,150 --> 00:04:00,600 So with the help of the SQL query, the Web server is trying to understand if this is a valid user or not.
53 00:04:01,170 --> 00:04:06,210 Now, this is actually how it is created; the data will be stored in this form.
54 00:04:06,210 --> 00:04:14,130 And basically, as what we have learned, the way we have deployed, we have created the individual
55 00:04:14,130 --> 00:04:15,650 rows in the database as well.
56 00:04:15,660 --> 00:04:15,960 Right.
57 00:04:16,290 --> 00:04:23,910 So this is how exactly it looks like: the Web server creates a sort of SQL query,
58 00:04:23,910 --> 00:04:26,190 which is select star,
59 00:04:26,220 --> 00:04:33,450 any data, from login, login would be the name of this entire table, where user name is John
60 00:04:33,810 --> 00:04:35,460 and password is random,
61 00:04:35,470 --> 00:04:36,420 one, two, three, star.
62 00:04:36,780 --> 00:04:41,520 So this query goes to the database, and the database,
63 00:04:41,520 --> 00:04:48,630 I mean, then the query is performed, and the first thing it does is it verifies with this detail, it says that the
64 00:04:48,900 --> 00:04:55,170 user name is John and the password is this, that this is absolutely correct.
65 00:04:55,170 --> 00:04:59,720 And the request comes back from the Web server, and
66 00:05:00,000 --> 00:05:06,060 the website will get to know, OK, hey, listen, you are a valid user and now you are allowed to access
67 00:05:06,060 --> 00:05:13,050 your resources, or you're allowed to get into the website and enjoy it further.
68 00:05:13,410 --> 00:05:16,020 So that's how the authentication really works.
69 00:05:16,410 --> 00:05:24,090 Why we learned this is because when we start hacking the website, when we start hacking the Web application,
70 00:05:24,420 --> 00:05:31,210 the purpose is to get into the system without even knowing the username and password.
71 00:05:31,680 --> 00:05:34,560 I know this sounds crazy, but we'll make this happen.
72 00:05:34,830 --> 00:05:40,170 And for this, it is very, very important for you to understand how the authentication
73 00:05:40,170 --> 00:05:40,890 really works.
74 00:05:41,190 --> 00:05:44,040 What goes in the user name?
75 00:05:44,050 --> 00:05:45,580 What goes in the password?
76 00:05:46,080 --> 00:05:46,740 It's pretty obvious.
77 00:05:46,740 --> 00:05:52,720 John goes into the user name and random, one, two, three, star will be there in the password.
78 00:05:52,830 --> 00:05:57,830 This has to be submitted by the user, of course, but this is what we will be exploiting
79 00:05:58,230 --> 00:06:02,530 when we try to get access into the document.
80 00:06:03,000 --> 00:06:03,410 All right.
81 00:06:03,630 --> 00:06:04,790 I hope you got the idea.
82 00:06:04,800 --> 00:06:06,720 We'll catch you in the next session, and thank you.
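Added example (Python, written for this page; it is not code from the lecture): the `login` table and the query the session describes, with the web server's string-built query shown next to a parameterised lookup against salted password hashes, which is how the verification step should be done. The column names, the sample passwords for Alice, Bob and Charlie, and the choice of PBKDF2 are assumptions.

```python
import hashlib
import hmac
import os
import sqlite3

# Constructed sample rows for the lecture's "login" table (John's password is
# the one quoted in the session; the other three are made up for this example).
USERS = [("John", "random123*"), ("Alice", "alice-pw"),
         ("Bob", "bob-pw"), ("Charlie", "charlie-pw")]


def build_query_as_in_lecture(username, password):
    """The query the session quotes: submitted credentials pasted straight
    into SQL text. Shown only to make the weakness visible: the user's
    input becomes part of the query's syntax instead of staying data."""
    return ("SELECT * FROM login WHERE username = '" + username
            + "' AND password = '" + password + "'")


def hash_password(password, salt=None):
    """Salted PBKDF2-HMAC-SHA256, so the table never stores the password itself."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return salt, digest


def setup_db():
    """In-memory SQLite stand-in for the lecture's database (assumed columns)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE login (username TEXT PRIMARY KEY, "
                 "salt BLOB NOT NULL, pw_hash BLOB NOT NULL)")
    for name, pw in USERS:
        salt, digest = hash_password(pw)
        conn.execute("INSERT INTO login VALUES (?, ?, ?)", (name, salt, digest))
    return conn


def authenticate(conn, username, password):
    """Hardened check: parameterised lookup by username only, then a
    constant-time comparison of the recomputed hash. The password never
    appears in the SQL text, and a quote character in either field is data."""
    row = conn.execute("SELECT salt, pw_hash FROM login WHERE username = ?",
                       (username,)).fetchone()
    if row is None:
        return False
    salt, stored = row
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, stored)
```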